Between merchants like Amazon, entertainment and service providers like Netflix and Hulu, and mobile wallets that streamline payments (such as Apple Pay, Google Pay, and Samsung Pay), consumers have the opportunity to use their credit and debit cards to make payments across the internet. And though data on the internet can be vulnerable, you should know that payment processors are using technology to keep your account and card information safe. Here’s an example of one such technology, known as tokenization.

Using "Tokens" - Not Card Numbers

A number of recent high-profile breaches have demonstrated that data kept on websites isn’t always protected. That’s why tokenization is important. Rather than store your name, card number, expiration date, and other information, online platforms ask payment processors for a digital “token,” which is like a unique ticket to use your card for payments. 

Tokens allow payments to be processed without exposing account details that could potentially be compromised.

Each merchant or service provider you authorize to use your credit card or debit card uses a separate token – which is only valid for that specific platform, and in a certain specified way (such as recurring payments). For example, if you start subscribing to Netflix, a unique token is generated that allows the company to charge your card each month. But if you cancel your subscription after a few months, and then reactivate it next year, an entirely new token will be created.

The animation below helps illustrate how this works for individual payments:

The reason tokenization works so well is that the actual payment information stored with processors like Visa is located on servers with much greater security than those used for many online merchants, mobile wallets, and service providers. 

What is a token, exactly?

The “token” itself is actually a random string of numbers and letters which corresponds to a specific request from a merchant to a payment processor. For example, Amazon uses the token “K5OXR3L1ER” to ask Visa for permission to use your Hills Bank debit card for a recent purchase. Once Visa confirms that the request is legitimate, they allow Amazon to charge your card. But if Amazon’s data is breached, the only information hackers can glean about a certain customer’s payment method is the token code above.

You can think of tokenization like you might think of tokens at an arcade: though you can use them to play games inside the building (or make purchases on an online store), they’re worthless once you leave. 

At Hills Bank, we use Visa’s Token Service to secure your online payments. Learn more About Visa Token Service.